13 May 2016

Petya ransomware is back with a friend named Misha

Petya ransomware became very popular because of its name. However, the code was not efficient enough to make money for malware writers. Petya needed administrative privileges on the system to modify the master boot record. If it could not get administrative privileges, it did nothing to the infected computer.

Ransomware writers had to do something about it, and they did, in a very clever and scary move: they released new malware named Misha. Petya downloads it if its own installation fails. According to Bleepingcomputer, Misha does not require administrative privileges.

After installation, Misha ransomware encrypts files with the AES encryption algorithm and demands a ransom of 1.93 bitcoins (approximately $875). Encrypted files are renamed and a 4-character extension is appended to the filename; for example, test.jpg will be renamed to test.jpg.7GP3.

The ransomware is distributed via emails with links to malicious executables disguised as job applications.

Unfortunately, there is no known way to restore encrypted files for free.
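The renaming pattern described above (an original extension followed by an appended 4-character extension) can serve as a file-system indicator for defenders. The following Python is an added example, not code from the original article or from any vendor. It assumes the appended extension consists of four letters or digits (generalised from the single example 7GP3) and that one infection reuses one suffix; the extension list, threshold and sample paths are constructed.

```python
import re
from collections import defaultdict
from pathlib import PurePath

# Assumption: the appended extension is 4 characters drawn from letters and
# digits, generalised from the article's single example "7GP3".
APPENDED = re.compile(r"^[A-Za-z0-9]{4}$")
# Constructed list of common user-file extensions; a file is only considered
# renamed when one of these appears directly before the appended suffix.
KNOWN = {"jpg", "png", "doc", "docx", "xls", "xlsx", "pdf", "txt", "zip"}


def appended_suffix(path):
    """Return the appended suffix if the name looks like name.ext.XXXX, else None."""
    suffixes = PurePath(path).suffixes
    if len(suffixes) < 2:
        return None
    original, added = suffixes[-2][1:].lower(), suffixes[-1][1:]
    # Skip cases where the last extension is itself a known file type.
    if original in KNOWN and APPENDED.match(added) and added.lower() not in KNOWN:
        return added
    return None


def suspicious_suffixes(paths, threshold=3):
    """Group renamed files by appended suffix and keep suffixes seen >= threshold times.

    The threshold filters out one-off benign names such as report.pdf.json.
    """
    hits = defaultdict(list)
    for p in paths:
        suffix = appended_suffix(p)
        if suffix:
            hits[suffix].append(p)
    return {s: files for s, files in hits.items() if len(files) >= threshold}


# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    "C:/Users/a/Pictures/test.jpg.7GP3",
    "C:/Users/a/Documents/cv.docx.7GP3",
    "C:/Users/a/Documents/budget.xlsx.7GP3",
    "C:/Users/a/Documents/notes.txt",
    "C:/Users/a/Downloads/archive.tar.gz",
    "C:/Users/a/Documents/report.pdf.json",
]

if __name__ == "__main__":
    for suffix, files in suspicious_suffixes(SAMPLE).items():
        print(f"{suffix}: {len(files)} renamed files")
```

A burst of files sharing one unfamiliar appended suffix is the signal; a single match is usually a benign double extension.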
